Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-4025

    SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.... Read more

    Affected Products : xennobb
    • Published: Aug. 09, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3586

    SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.... Read more

    Affected Products : jetbox_cms
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3585

    Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.ph... Read more

    Affected Products : jetbox_cms
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3637

    Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Render... Read more

    Affected Products : internet_explorer ie
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3450

    Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layou... Read more

    Affected Products : internet_explorer ie
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3451

    Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecif... Read more

    Affected Products : ie
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3638

    Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the Direc... Read more

    Affected Products : internet_explorer ie
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3583

    Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.... Read more

    Affected Products : jetbox_cms
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3584

    Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.... Read more

    Affected Products : jetbox_cms
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3856

    IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.... Read more

    Affected Products : informix_dynamic_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3862

    Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).... Read more

    Affected Products : informix_dynamic_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-3114

    PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands.... Read more

    Affected Products : pc_tools_antivirus
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2006-3857

    Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperm... Read more

    Affected Products : informix_dynamic_database_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3853

    Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.... Read more

    Affected Products : informix_dynamic_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2006-3855

    The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."... Read more

    Affected Products : informix_dynamic_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3858

    IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).... Read more

    Affected Products : informix_dynamic_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-3861

    IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.... Read more

    Affected Products : informix_dynamic_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4018

    Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.... Read more

    Affected Products : clamav
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-4020

    scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer ... Read more

    Affected Products : php
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4008

    PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter.... Read more

    Affected Products : faq
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294274 Results